Foreword: There are a few more related programs to come out on Symantec Connect, so if this appears a little limited or incomplete, keep that in mind for now. And watch this space for the release of the aila2 main and child programs ;-).
Introduction:
IIS log files can contain a lot of interesting data for various troubleshooting purposes. However, given the number of Altiris applications running on IIS, it can be very difficult to access the data that interests you quickly and efficiently.
aila2-filter was designed to help in this specific case, with filtering options available on the URI-Stem and time-taken fields (more fields will be available in future versions, but these 2 fields were considered sufficient to provide a viable solution now).
Usage:
Usage: aila2-filter [options]

Options:

    -f, --file
        The path to the IIS log file you want to filter. This field is
        optional.

    -t, --time-taken n
        Filter on request that are taking long n milliseconds. This only
        works if the IIS schema contains the time-taken field.

    -i, --inclusion-filter "filter string"
        Filter the IIS log file to include all request that match the
        entries provided in the filter string. The filter string is a list
        of space separated entries. Each entry will be checked against the
        uri-stem field and matching entries will be printed out.

    -x, --exclusion-filter "filter string"
        Filter the IIS log file to exclude all request that match the
        entries provided in the filter string. The filter string is a list
        of space separated entries. Each entry will be checked against the
        uri-stem field and matching entries will not be printed out.

    -s, --short
        This option control the output formatting. If selected the output
        log file will only contain the following fields (and any other
        fields will be discarded):

            date time-taken cs-method cs-uri-stem cs-uri-query cs-username
            c-ip sc-status sc-substatus sc-win32-status time-taken

If no file is specified the input will be read from the console (stdin).

If no arguments are specified this help message will be shown, as we expect at least one of the 3 filters to be set (if you need to print a file to stdout you can use type) or the --short option.

Note! The 3 filters are cascaded, which has some implication on what data will be displayed. Here is a detailed explanation of the proceedings:

    Stage 1: time-taken entries are matched. If nothing is specified by the
             user we use 0 as base. Entries greater or equal to the
             specified time-taken are passed on to the next filtering
             level.

    Stage 2: exclusion entries are matched. Any match from the exclusion
             filter will not be printed out or passed on to the next level.
             If no exclusion filters are defined the entries are passed on
             to the next level.

    Stage 3: inclusion entries are matched. Any match from the inclusion
             filter will be printed to stdout, misses will be discarded. If
             inclusion filters are not defined all entries received at this
             level are printed to stdout.

Samples:

    aila2-filter.exe -f u_ex131231.log -t 5000 -x "itemservices.aspx console.asmx" -i "console"

        This filter will display all console operations but the
        itemservices and web-services hits (that are generated by the
        browser and not indicative of user operation).

    aila2-filter.exe -f u_ex131231.log -i "inventoryrule postevent"

        This filter will output all post event data and inventory rule data
        to stdout.

    aila2-filter.exe -f u_ex131231.log -t 10000 -x "altiris/ns/agent" > u_ex131231_5000ms.log

        Output all requests outside of the NS/Agent uri that took longer
        than .5 seconds to complete and write the output to file
        u_ex131231_5000ms.log.
I would like to provide additional samples but my own servers are not generating much of interest, and I can't share other data for confidentiality reasons.
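The three-stage cascade described in the usage text, written out in Python as an added example (this is not aila2-filter's own code). It assumes entries match the cs-uri-stem field as case-insensitive substrings and that a missing time-taken field counts as 0; the log lines and URIs are constructed for illustration.

```python
# Added example: re-implements the documented cascade, not the tool's source.
# Assumptions: case-insensitive substring match on cs-uri-stem; a row without
# a usable time-taken value is treated as 0 ms.

def cascade_filter(lines, time_taken=0, exclude="", include=""):
    """Yield W3C log lines that survive stages 1 to 3, in that order."""
    excl = exclude.lower().split()   # filter strings are space separated
    incl = include.lower().split()
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # IIS may rewrite the schema mid-file
            continue
        if not line or line.startswith("#"):
            continue                         # other directives carry no requests
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        try:
            taken = int(row.get("time-taken", 0))
        except ValueError:
            taken = 0
        if taken < time_taken:                            # stage 1: time-taken
            continue
        if any(entry in stem for entry in excl):          # stage 2: exclusion
            continue
        if incl and not any(entry in stem for entry in incl):  # stage 3: inclusion
            continue
        yield line

# Constructed sample log (not real server data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status sc-substatus sc-win32-status time-taken
2013-12-31 08:00:01 GET /Altiris/Console/Default.aspx - admin 10.0.0.5 200 0 0 6200
2013-12-31 08:00:02 POST /Altiris/Console/ItemServices.aspx - admin 10.0.0.5 200 0 0 7100
2013-12-31 08:00:03 POST /Altiris/NS/Agent/PostEvent.asp - - 10.0.0.21 200 0 0 12000
2013-12-31 08:00:04 GET /Altiris/Console/Default.aspx - admin 10.0.0.5 200 0 0 150
2013-12-31 08:00:05 GET /Altiris/NS/Report.aspx - admin 10.0.0.5 200 0 0 15000
""".splitlines()

if __name__ == "__main__":
    # Same options as the first sample command line above.
    for hit in cascade_filter(SAMPLE_LOG, 5000,
                              "itemservices.aspx console.asmx", "console"):
        print(hit)
```

Because exclusion runs before inclusion, an entry that appears in both filter strings is always dropped.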
If this tool proves to be useful for you, or if you want to report bugs or ask for features, please add a comment below (real life short samples are more than welcome).
Document history:
2014-01-07, Version 1 release.
File name: aila2-filter.exe
MD5 hash: deea632c188e86f6a25d03b270184126
SHA256 hash: 928b60f7c51cb29e5f190a66ef7f9d5c48033d7adcfb83e51985dd38b0e5bc3e
Note: this is the base release. It includes filters and output control options, but only supports 2 fields for filtering (cs-uri-stem and time-taken).